OVAL Reference oval:com.ubuntu.precise:def:20134470000

Oval Definition:

oval:com.ubuntu.precise:def:20134470000

Revision Date:	2013-11-04	Version:	1
Title:	CVE-2013-4470 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2013-4470
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-58.88'). OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1629.41'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-lts-quantal' package in precise was vulnerable but has been fixed (note: '3.5.0-44.67~precise1'). OR The 'linux-lts-raring' package in precise was vulnerable but has been fixed (note: '3.8.0-35.50~precise1'). OR The 'linux-lts-saucy' package in precise was vulnerable but has been fixed (note: '3.11.0-14.21~precise1'). OR NOT While related to the CVE in some way, the 'linux-lts-trusty' package in precise is not affected (note: '3.13.0-24.46~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1442.61').

BACK